diff options
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/file.scm | 5 | ||||
-rw-r--r-- | gnu/packages/patches/file-CVE-2019-18218.patch | 55 |
3 files changed, 2 insertions, 59 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 0ba01efcc6..4677c42979 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -852,7 +852,6 @@ dist_patch_DATA = \ %D%/packages/patches/fbreader-curl-7.62.patch \ %D%/packages/patches/fifo-map-fix-flags-for-gcc.patch \ %D%/packages/patches/fifo-map-remove-catch.hpp.patch \ - %D%/packages/patches/file-CVE-2019-18218.patch \ %D%/packages/patches/findutils-localstatedir.patch \ %D%/packages/patches/findutils-test-rwlock-threads.patch \ %D%/packages/patches/flann-cmake-3.11.patch \ diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm index cf770297c4..bac951f9c5 100644 --- a/gnu/packages/file.scm +++ b/gnu/packages/file.scm @@ -30,15 +30,14 @@ (define-public file (package (name "file") - (version "5.37") + (version "5.38") (source (origin (method url-fetch) (uri (string-append "ftp://ftp.astron.com/pub/file/file-" version ".tar.gz")) - (patches (search-patches "file-CVE-2019-18218.patch")) (sha256 (base32 - "0zz0p9bqnswfx0c16j8k62ivjq1m16x10xqv4hy9lcyxyxkkkhg9")))) + "0d7s376b4xqymnrsjxi3nsv3f5v89pzfspzml2pcajdk5by2yg2r")))) (build-system gnu-build-system) ;; When cross-compiling, this package depends upon a native install of diff --git a/gnu/packages/patches/file-CVE-2019-18218.patch b/gnu/packages/patches/file-CVE-2019-18218.patch deleted file mode 100644 index 21069823b7..0000000000 --- a/gnu/packages/patches/file-CVE-2019-18218.patch +++ /dev/null @@ -1,55 +0,0 @@ -Fix CVE-2019-18218: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218 - -Patch copied from upstream source repository: - -https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 - -From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001 -From: Christos Zoulas <christos@zoulas.com> -Date: Mon, 26 Aug 2019 14:31:39 +0000 -Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz) - ---- - src/cdf.c | 9 ++++----- - src/cdf.h | 1 + - 2 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/cdf.c b/src/cdf.c -index 9d6396742..bb81d6374 100644 ---- a/src/cdf.c -+++ b/src/cdf.c -@@ -1027,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, - goto out; - } - nelements = CDF_GETUINT32(q, 1); -- if (nelements == 0) { -- DPRINTF(("CDF_VECTOR with nelements == 0\n")); -+ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) { -+ DPRINTF(("CDF_VECTOR with nelements == %" -+ SIZE_T_FORMAT "u\n", nelements)); - goto out; - } - slen = 2; -@@ -1070,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, - goto out; - inp += nelem; - } -- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", -- nelements)); - for (j = 0; j < nelements && i < sh.sh_properties; - j++, i++) - { -diff --git a/src/cdf.h b/src/cdf.h -index 2f7e554b7..05056668f 100644 ---- a/src/cdf.h -+++ b/src/cdf.h -@@ -48,6 +48,7 @@ - typedef int32_t cdf_secid_t; - - #define CDF_LOOP_LIMIT 10000 -+#define CDF_ELEMENT_LIMIT 100000 - - #define CDF_SECID_NULL 0 - #define CDF_SECID_FREE -1 |